
Ticket #195: 195.diff

File 195.diff, 6.4 KB (added by julian.reschke@gmx.de, 3 years ago)

proposed patch

  • p7-auth.xml

     
    294294<section title="Challenge and Response" anchor="challenge.and.response"> 
    295295  <x:anchor-alias value="auth-scheme"/> 
    296296  <x:anchor-alias value="auth-param"/> 
     297  <x:anchor-alias value="b64token"/> 
    297298  <x:anchor-alias value="challenge"/> 
    298299  <x:anchor-alias value="credentials"/> 
    299300<t> 
     
    310311  auth-param     = <x:ref>token</x:ref> <x:ref>BWS</x:ref> "=" <x:ref>BWS</x:ref> ( <x:ref>token</x:ref> / <x:ref>quoted-string</x:ref> ) 
    311312</artwork></figure> 
    312313<t> 
     314   As an alternative to a list of auth parameters, a single string can be used: 
     315</t> 
     316<figure><artwork type="abnf2616"><iref item="b64token" primary="true"/><iref primary="true" item="Grammar" subitem="b64token"/> 
     317  b64token       = 1*( <x:ref>ALPHA</x:ref> / <x:ref>DIGIT</x:ref> / 
     318                       "-" / "." / "_" / "~" / "+" / "/" ) *"="  
     319</artwork></figure> 
     320<t> 
     321   This includes the 66 unreserved URI characters (<xref target="RFC3986"/>), 
     322   plus a few others, so that it can hold a base64, base64url (URL and filename 
     323   safe alphabet), base32, or base16 (hex) encoding, with or without padding, but 
     324   excluding whitespace (<xref target="RFC4648"/>).  
     325</t> 
     326<t> 
    313327   The 401 (Unauthorized) response message is used by an origin server 
    314328   to challenge the authorization of a user agent. This response &MUST; 
    315329   include a WWW-Authenticate header field containing at least one 
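Review bot: the sentence added at 314 ("a single string can be used") does not say where the string may appear or how a recipient tells it apart from an auth-param list. A value such as `realm=` matches b64token (letters followed by "=" padding) and is also the prefix of an auth-param, so a parser has to look past the "=" to see whether a value follows. Suggest naming the productions that accept b64token (challenge and credentials) here and adding one sentence on that disambiguation.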
     
    322336   applicable to the proxy for the requested resource. 
    323337</t> 
    324338<figure><artwork type="abnf2616"><iref item="challenge" primary="true"/><iref primary="true" item="Grammar" subitem="challenge"/> 
    325   <x:ref>challenge</x:ref>   = <x:ref>auth-scheme</x:ref> 1*<x:ref>SP</x:ref> #<x:ref>auth-param</x:ref> 
     339  <x:ref>challenge</x:ref>   = <x:ref>auth-scheme</x:ref> [ 1*<x:ref>SP</x:ref> ( <x:ref>b64token</x:ref> / #<x:ref>auth-param</x:ref> ) ] 
    326340</artwork></figure> 
    327341<x:note> 
    328342  <t> 
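Review bot: at new line 339 the outer `[ ... ]` makes a challenge consisting of auth-scheme alone valid, which is a change independent of adding the b64token alternative and is not explained anywhere in this patch. If it is intended, add a sentence of prose saying so. Also, the note added at 488-489 says b64token exists only for compatibility with existing schemes, so it is worth stating whether any existing scheme needs it in a challenge, or whether it could be limited to credentials.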
     
    360374   understands and request credentials from the user based upon that challenge. 
    361375</t> 
    362376<figure><artwork type="abnf2616"><iref item="credentials" primary="true"/><iref primary="true" item="Grammar" subitem="credentials"/> 
    363   <x:ref>credentials</x:ref> = <x:ref>auth-scheme</x:ref> 1*<x:ref>SP</x:ref> ( <x:ref>token</x:ref> 
    364                                  / <x:ref>quoted-string</x:ref> 
    365                                  / #<x:ref>auth-param</x:ref> ) 
     377  <x:ref>credentials</x:ref> = <x:ref>auth-scheme</x:ref> [ 1*<x:ref>SP</x:ref> ( <x:ref>b64token</x:ref> / #<x:ref>auth-param</x:ref> ) ] 
    366378</artwork></figure> 
    367379<t> 
    368380   If the origin server does not wish to accept the credentials sent 
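Review bot: new line 377 drops the quoted-string alternative that old lines 363-365 allowed, so credentials made of a single quoted-string no longer match the grammar, and the patch does not mention this. Please confirm the removal is deliberate and record it in the "changes" text, and check that every value the old token alternative accepted is still accepted by b64token, whose alphabet is the explicit list at 317-318.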
     
    473485    </x:lt> 
    474486    <x:lt> 
    475487    <t> 
     488      The "b64token" notation was introduced for compatibility with existing 
     489      authentication schemes, it &MUST-NOT; be used in new schemes. 
     490    </t> 
     491    </x:lt> 
     492    <x:lt> 
     493    <t> 
    476494      Authentication schemes need to document whether they are usable in 
    477495      origin-server authentication (i.e., using WWW-Authenticate), and/or 
    478496      proxy authentication (i.e., using Proxy-Authenticate). 
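Review bot: the sentence added at 488-489 is a comma splice and carries a normative requirement without telling scheme authors what to use instead. Suggest splitting it into two sentences and pointing new schemes at the auth-param list syntax, for example: "The b64token notation was introduced for compatibility with existing authentication schemes. New schemes MUST NOT use it and ought to use the auth-param syntax instead."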
     
    10351053  <seriesInfo name='RFC' value='3864' /> 
    10361054</reference> 
    10371055 
     1056<reference anchor="RFC3986"> 
     1057 <front> 
     1058  <title abbrev='URI Generic Syntax'>Uniform Resource Identifier (URI): Generic Syntax</title> 
     1059  <author initials='T.' surname='Berners-Lee' fullname='Tim Berners-Lee'> 
     1060    <organization abbrev="W3C/MIT">World Wide Web Consortium</organization> 
     1061    <address> 
     1062       <email>timbl@w3.org</email> 
     1063       <uri>http://www.w3.org/People/Berners-Lee/</uri> 
     1064    </address> 
     1065  </author> 
     1066  <author initials='R.' surname='Fielding' fullname='Roy T. Fielding'> 
     1067    <organization abbrev="Day Software">Day Software</organization> 
     1068    <address> 
     1069      <email>fielding@gbiv.com</email> 
     1070      <uri>http://roy.gbiv.com/</uri> 
     1071    </address> 
     1072  </author> 
     1073  <author initials='L.' surname='Masinter' fullname='Larry Masinter'> 
     1074    <organization abbrev="Adobe Systems">Adobe Systems Incorporated</organization> 
     1075    <address> 
     1076      <email>LMM@acm.org</email> 
     1077      <uri>http://larry.masinter.net/</uri> 
     1078    </address> 
     1079  </author> 
     1080  <date month='January' year='2005'></date> 
     1081 </front> 
     1082 <seriesInfo name="STD" value="66"/> 
     1083 <seriesInfo name="RFC" value="3986"/> 
     1084</reference> 
     1085 
     1086<reference anchor="RFC4648"> 
     1087  <front> 
     1088    <title>The Base16, Base32, and Base64 Data Encodings</title> 
     1089    <author fullname="S. Josefsson" initials="S." surname="Josefsson"/> 
     1090    <date year="2006" month="October"/> 
     1091  </front> 
     1092  <seriesInfo value="4648" name="RFC"/> 
     1093</reference> 
     1094 
    10381095<reference anchor='RFC5226'> 
    10391096  <front> 
    10401097    <title>Guidelines for Writing an IANA Considerations Section in RFCs</title> 
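Review bot: style point on the two added reference entries (1056-1093). RFC3986 mixes single- and double-quoted attributes and uses one-space indentation, while RFC4648 uses two-space indentation, writes seriesInfo as `value="4648" name="RFC"` (reverse of the neighbouring `name='RFC' value='3864'`), and gives its author no organization element. Suggest normalising both entries to the convention of the surrounding references.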
     
    10611118  (<xref target="access.authentication.framework"/>) 
    10621119</t> 
    10631120<t> 
     1121  The "b64token" alternative to auth-param lists has been added for consistency 
     1122  with legacy authentication schemes such as "Basic". 
     1123  (<xref target="access.authentication.framework"/>) 
     1124</t> 
     1125<t> 
    10641126  Change ABNF productions for header fields to only define the field value. 
    10651127  (<xref target="header.fields"/>) 
    10661128</t> 
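Review bot: the change-log entry added at 1121-1123 records only the b64token addition, but the patch also makes the parameters after auth-scheme optional (339, 377) and removes quoted-string from credentials (old 363-365). Suggest listing those here as well. The wording also differs from the note at 488 ("consistency with legacy" here, "compatibility with existing" there); using one phrase in both places would avoid readers wondering whether two different things are meant.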
     
    10861148<x:ref>auth-param</x:ref> = token BWS "=" BWS ( token / quoted-string ) 
    10871149<x:ref>auth-scheme</x:ref> = token 
    10881150 
    1089 <x:ref>challenge</x:ref> = auth-scheme 1*SP [ ( "," / auth-param ) *( OWS "," [ OWS 
    1090  auth-param ] ) ] 
    1091 <x:ref>credentials</x:ref> = auth-scheme 1*SP ( token / quoted-string / [ ( "," / 
    1092  auth-param ) *( OWS "," [ OWS auth-param ] ) ] ) 
     1151<x:ref>b64token</x:ref> = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) 
     1152 *"=" 
    10931153 
     1154<x:ref>challenge</x:ref> = auth-scheme [ 1*SP ( b64token / [ ( "," / auth-param ) *( 
     1155 OWS "," [ OWS auth-param ] ) ] ) ] 
     1156<x:ref>credentials</x:ref> = auth-scheme [ 1*SP ( b64token / [ ( "," / auth-param ) 
     1157 *( OWS "," [ OWS auth-param ] ) ] ) ] 
     1158 
    10941159<x:ref>quoted-string</x:ref> = &lt;quoted-string, defined in [Part1], Section 1.2.2&gt; 
    10951160 
    10961161realm = "realm=" realm-value 
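Review bot: in the collected ABNF at 1154-1157 the expanded list alternative `[ ( "," / auth-param ) *( OWS "," [ OWS auth-param ] ) ]` is itself optional, so auth-scheme followed by 1*SP and nothing else matches in addition to the bare auth-scheme form. If a trailing-space-only challenge or credentials value is not meant to be valid, the source production needs a non-empty list (1#auth-param); if it is meant to be valid, a short remark in the prose would help implementers.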
     
    13021367      "Realm required on challenges" 
    13031368    </t> 
    13041369    <t> 
     1370      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/195"/>: 
     1371      "auth-param syntax" 
     1372    </t> 
     1373    <t> 
    13051374      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/257"/>: 
    13061375      "Considerations for new authentications schemes" 
    13071376    </t>